
#ifndef __AES_DECRYPT_H
#define __AES_DECRYPT_H

#include "CryptoPipeBlock.h"
#include "../aprtools/APRBucketBrigade.h"
#include <openssl/aes.h>
#include <openssl/evp.h>
#include "AESSymmetricKey.h"

/** Class encapsulating an interface to decryption with an AES key. */
class AESDecrypt : public CryptoPipeBlock
{
   public:
      AESDecrypt(const AESSymmetricKey &aeskey);
      AESDecrypt(APRBucketBrigade &iinput, APRBucketBrigade &ioutput, const AESSymmetricKey &aeskey);
      ~AESDecrypt();
      // Encrypt data block and return encrypted data
      char *processDataBlock(const char *codedblock, apr_size_t codedsize, apr_size_t *plainsize);
      // Begin encryption of the data pipe
      int processPipeBegin();
      // Step through the encryption of the data pipe
      int processPipeStep();
      // Step through the data, recording data movement
      int processPipeStep(int *movementin, int *movementout);
      // End encryption of the data pipe
      int processPipeEnd();
      /** Was the process secure? */
      int processWasSecure() { return 1; }
   private:
      /** The key given in a base64-encoded string. */
      char *keypassword;
      /** The key extracted from the usual base64 format. */
      char *binarykey;
      /** The length of the key. If the length is too long for the
       * cryptographic mode, the remainder is used as IV. */
      int binarylength;
      /** The input bucket brigade. As this is pointer to the outside,
       * it is not deleted in the destructor. */
      APRBucketBrigade *input;
      /** The output bucket brigade. As this is pointer to the
       * outside, it is not deleted in the destructor. */
      APRBucketBrigade *output;
      /** The cipher context which enables use to keep track of the
       * pipe. */
      EVP_CIPHER_CTX e_ctxt;
};

#endif
